erlehmann: phf yeah, the results are not palatable to people. “what i can not do ‘<script>document.write('<script>')</script>’ anymore?”
mircea_popescu: there's also the suspicion that the only reason this "appears to work" as a securitizing approach has to do strictly with it not being in general use.
phf: erlehmann: that is true, but doesn't take into account complete attack surface. i agree that "write a proper parser" should be the first step, but that's also a baseline. problem is that most of these protocols are either non-regular, have types that depend on state (e.g. a fixnum whose range changes based on a flag), or are outright turing complete
mircea_popescu: well up until now because i never heard of him ; from now on tba.
erlehmann: and has a functioning bullshit detector. evidence: someone proposed a docker container to run the game “more easily”. linley politely declined.
erlehmann: mircea_popescu i believe linley is creative and knows his theory. but no one ever asked him to clean up his code.
mircea_popescu: but the point is principally "try and make ANY sense of the server mechanics"
erlehmann: we sometimes bump into each other at conferences. also i made the yellow press (BILD) stylesheet for his blog some time ago.
erlehmann: asciilifeform djb never replied to my emails as well. i asked fefe about it and he was like “that guy has tenure, he does not care, people had to pester him for years to make his stuff public domain”
erlehmann: at least that is what he claims, i never tried
erlehmann: mircea_popescu if you like RTS without multiplayer, i suggest to try out liberation circuit. the math seems to be fixed-point only, so real-time multiplayer should be possible if you can wade through the abysmal codebase.
mircea_popescu: at least the kgb 2.0 is as bumblingly self-absorbed as the original.
mircea_popescu: life these days is muchly reminiscent of 1980s, reading communiques from dissidents behind the iron curtain, trying to judge how genuine, what happened, etc.
erlehmann: phf i have worked on existing protocol. the grammar codifies the assumptions that you as a programmer make. take an ENUM in the input, for example. grammar should only contain values you know you can process right.
mircea_popescu: phf i suspect he's young ; in any case excitable. give the man a moment.
phf: erlehmann: sure, but the question is, are you designing your protocol from scratch or you're saying something about an existing protocol. and if you're designing it from scratch then there are existing long established solutions that long predate langsec (unless of course they are just an education organization). but if you're saying something about existing solutions, and you mentioned ffmpeg etc., then it's your classical security specialist "y'all idiots" position. what you going to audit ffmpeg? i'm saying that the correct solution is not to run media decoder on a mission critical machine
erlehmann: well, gameplay-wise: units are limited by number of ticks. want to do trigonometry? prepare to sacrifice ticks
erlehmann: there is a graphical unit designer that sets up the structs right
mircea_popescu: so far this seems ~same as what led eulora to having open bots. they are programmed in... literal c.
erlehmann: mircea_popescu a real time strategy game by linley henzell (who created overgod and garden of colored lights) where every unit is programmed in a language not entirely unlike C.
mircea_popescu: erlehmann can you explain this liberation circuit thing to me ?
erlehmann: LANGSEC is about programmers able to reason about protocols and state transitions
erlehmann: phf i believe you misunderstand the problem
mircea_popescu: asciilifeform although after that utterly shameful episode with the transvestite whore living at his house...
phf: erlehmann: people who can't roll their own grammar can still buy two separate machines though
erlehmann: phf who believes people who cannot roll their own grammar can roll their own compar-virtual-boundary-thingy?
phf: fwiw, input parsing should probably be solved through compartmentalization. don't run mpg123 on your gnupg machine. in any case djb likewise said all that needs to be said about "secure languages" in his "Some thoughts on security after ten years of qmail 1.0"
mircea_popescu: erlehmann "ugly", no. but sexually masculine (ie, suggestive of forceful copulation) names are very well documented to.
erlehmann: i asked him at two conferences and both times he was like “i have to answer lots of questions about crypto, ask later pls”
mircea_popescu: speaking of, what should the flymake for lisp be called ? drool ? dribble ?
mircea_popescu: i suspect the idea is that systems which require something like make are broken anyway.
erlehmann: meaning almost all software is rotten to the core based on this alone
erlehmann: experimenting with a medium-size C++ project (liberation circuit) i found that there can be as many non-existence dependencies as “normal” dependencies
erlehmann: as always, make is shit and can not handle this
erlehmann: but apparently, i am the only one who does. DJB thought of it, he has notes on it.
erlehmann: you can easily infer what those files are using strace or similar methods
erlehmann: i am of the opinion that all build systems except my own redo implementation are shit. reason: non-existence dependencies. if you search for header files at locations A, B, C, find it at C, then C is a dependency. but if non-existing A or B start to exist, the target must be rebuilt.
mircea_popescu: lol. there's that joke with the christian and jew debating the truth of the bible also.
mircea_popescu: actually in my youth i deemed as the highest achievement in literature a situation where multiple parties participated in a conversation that admits an interpretation for each.
erlehmann: at one langsec and tea gathering i suspected that every joke contains a misunderstanding on some level
mircea_popescu: hey, i beat the slavegirls if they fail to infer ; and also if they infer incorrectly.
erlehmann: i can, but it puts the burden on me. possible misunderstandings.
erlehmann: i also highly prefer it if people talk to me like that. the worst people are those that are like “please send me this and that” – “send me an email with the full details of what and where i should send it please” – “can't you just infer it from the last time you mailed me something?”
mircea_popescu: well, it'd better be, not so much else available to talk to these days, is there.
erlehmann: i think it is a good rule to talk to autists
erlehmann: i have a talent to find errors by not comprehending stuff. talk context-free or regular to me!
erlehmann: putting the mechanism in your head
erlehmann: maybe. ethereum has a gas price, yet it is still turing complete, still reentrant, still vulnerable.
erlehmann: so it is like testing a lot with malicious compliant testers
erlehmann: asciilifeform the problem is the different assumption people have about components. the programmer feeding input to ffmpeg expects audio files to be input. a recognizer would solve that.
erlehmann: asciilifeform actually no, but i think i know what you mean. zip bombs only work with programs that do not do full recognition before processing.
erlehmann: no one expects 999gigabytes.mp3 to be a text file instructing ffmpeg to generate silence with a really high sample rate (around 1GB per second)
erlehmann: reason: ffmpeg takes synthesizer instructions in plain text
erlehmann: every idiot who just takes an uploaded file and converts it using ffmpeg is just a 4 line text file away from me filling whatever storage the idiot has on the converter system
erlehmann: mircea_popescu i think i do understand the many implementations thing. data that is flowing over abstraction boundaries has the potential to trigger a holographic fracture (i believe that is how it is called). to prevent this, you need a parser and an unparser and both need to have the same grammar (max deterministic context-free) and check it.
mircea_popescu: in which mp discovers that how to register with deedbot is NOT actually linked in the topic.
erlehmann: yes, how to participate. i might have read it at some point in the past.
mircea_popescu: erlehmann well, i'll rate you so you'll be able to self-voice. and see topic, it's in there.
erlehmann: mircea_popescu i was not aware a) registering is possible b) registering is desirable for me. so what do i get out of it and if i want to do it, how?
Framedragger: good practice, props for persevering! (i'm the "modularise, bitch" guy at work)
mircea_popescu: republic ain't gonna do it ; it's gonna tell YOU to do it
mircea_popescu: i suspect you ~don't~ get the "many implementations" thing after all :D
erlehmann: really, 3 to 4 months. some immediately get it, but others do it after that timeframe.
erlehmann: but it works. turns out that if you tell people in code reviews for 3 months straight that they should define a grammar and check their inputs, they start to do that.
mircea_popescu: in truth vdiff is an eminent domain for proper abstraction.
erlehmann: i am the guy at my workplace who always rants about grammars, but i think i am the only one who actually did philosophy in university
erlehmann: so i can show it to people who just want to know what to do
erlehmann: the seven turrets of babel is a TL;DR for langsec. it collects antipatterns (in section III) and remedies (in section IV)
a111: Logged on 2016-12-11 18:53 asciilifeform: so i had two base64's png files in there,
erlehmann: i told all my coworkers to read it. when i told maradydd, she was like “well, that's like the intended purpose”
erlehmann: > The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them, Falcon Darkstar Momot, Sergey Bratus, Sven M. Hallberg, Meredith L. Patterson
erlehmann: are you aware of the seven towers of babel?
erlehmann: sane software would have rejected everything not conforming to the grammar
erlehmann: which is the only thing that makes vdiff possible